[ISN] Linux Advisory Watch - April 3rd 2009

From: InfoSec News <alerts_at_private>
Date: Fri, 3 Apr 2009 06:18:18 -0600 (CST)
+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| April 3rd, 2009                                 Volume 10, Number 14 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski_at_private> |
|                       Benjamin D. Thomas <bthomas_at_private> |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for openswan, strongswan,
nss-ldapd, auth2db, xulrunner, seamonkey, kazehakase, gtkmozembedmm,
miro, mugshot, yelp, totem, pcmanx-gtk2, ruby, epiphany, chmsee,
devhelp, gecko-sharp2, galeon, blam, krb5, libsoup, icu, xine,
ghostscript, gst, and lcms.  The distributors include Debian, Fedora,
Red Hat, Ubuntu, and Pardus.

---


Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" you may not take even a
second to respond.  But if I may ask "How much does Google know about
you?" you may instantly reply "Wait... what!? Do they!?"  The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.

http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of such guides out there, but it will show you in detail ways
to improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New openswan packages fix denial of service (Mar 30)
  ------------------------------------------------------------
  Two vulnerabilities have been discovered in openswan, an IPSec
  implementation for Linux.

  http://www.linuxsecurity.com/content/view/148465

* Debian: New strongswan packages fix denial of service (Mar 30)
  --------------------------------------------------------------
  Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
  IPSec implementation for Linux, is prone to a denial of service
  attack via a malicious packet.

  http://www.linuxsecurity.com/content/view/148464

* Debian: New nss-ldapd packages fix information disclosure (Mar 30)
  ------------------------------------------------------------------
  Leigh James discovered that nss-ldapd, an NSS module for using
  LDAP as a naming service, by default creates the configuration file
  /etc/nss-ldapd.conf world-readable, which could leak the configured
  LDAP password if one is used for connecting to the LDAP server.

  http://www.linuxsecurity.com/content/view/148463

* Debian: New auth2db packages fix SQL injection (Mar 30)
  -------------------------------------------------------
  It was discovered that auth2db, an IDS logger, log viewer and alert
  generator, is prone to an SQL injection vulnerability, when used with
  multibyte character encodings.

  http://www.linuxsecurity.com/content/view/148456

* Debian: New xulrunner packages fix multiple vulnerabilities (Mar 29)
  --------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in Xulrunner, a
  runtime environment for XUL applications, such as the Iceweasel web
  browser.

  http://www.linuxsecurity.com/content/view/148454

------------------------------------------------------------------------

* Fedora 9 Update: seamonkey-1.1.15-3.fc9 (Mar 31)
  ------------------------------------------------
  http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

  http://www.linuxsecurity.com/content/view/148468

* Fedora 9 Update: glib2-2.16.6-3.fc9 (Mar 31)
  --------------------------------------------
  This update fixes possible integer overflows in the base64 handling
  functions. This has been reported in CVE-2008-4316.

  http://www.linuxsecurity.com/content/view/148467

* Fedora 10 Update: seamonkey-1.1.15-3.fc10 (Mar 31)
  --------------------------------------------------
  http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

  http://www.linuxsecurity.com/content/view/148466

* Fedora 9 Update: seamonkey-1.1.15-3.fc9 (Mar 30)
  ------------------------------------------------
  http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

  http://www.linuxsecurity.com/content/view/148460

* Fedora 9 Update: google-gadgets-0.10.5-4.fc9 (Mar 28)
  -----------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148445

* Fedora 9 Update: kazehakase-0.5.6-1.fc9.5 (Mar 28)
  --------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148446

* Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9 (Mar 28)
  ----------------------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148447

* Fedora 9 Update: Miro-2.0.3-2.fc9 (Mar 28)
  ------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148448

* Fedora 9 Update: gnome-web-photo-0.3-19.fc9 (Mar 28)
  ----------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148449

* Fedora 9 Update: mozvoikko-0.9.5-8.fc9 (Mar 28)
  -----------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148450

* Fedora 9 Update: mugshot-1.2.2-7.fc9 (Mar 28)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148451

* Fedora 9 Update: yelp-2.22.1-10.fc9 (Mar 28)
  --------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148452

* Fedora 9 Update: totem-2.23.2-13.fc9 (Mar 28)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148453

* Fedora 10 Update: mugshot-1.2.2-7.fc10 (Mar 28)
  -----------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148431

* Fedora 10 Update: mozvoikko-0.9.5-8.fc10 (Mar 28)
  -------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148432

* Fedora 10 Update: pcmanx-gtk2-0.3.8-7.fc10 (Mar 28)
  ---------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148433

* Fedora 10 Update: ruby-gnome2-0.18.1-5.fc10 (Mar 28)
  ----------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148434

* Fedora 10 Update: yelp-2.24.0-7.fc10 (Mar 28)
  ---------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148435

* Fedora 9 Update: firefox-3.0.8-1.fc9 (Mar 28)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148436

* Fedora 9 Update: epiphany-extensions-2.22.1-9.fc9 (Mar 28)
  ----------------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148437

* Fedora 9 Update: chmsee-1.0.1-10.fc9 (Mar 28)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148438

* Fedora 9 Update: xulrunner-1.9.0.8-1.fc9 (Mar 28)
  -------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148439

* Fedora 9 Update: epiphany-2.22.2-9.fc9 (Mar 28)
  -----------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148440

* Fedora 9 Update: devhelp-0.19.1-10.fc9 (Mar 28)
  -----------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148441

* Fedora 9 Update: blam-1.8.5-7.fc9.1 (Mar 28)
  --------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148442

* Fedora 9 Update: gnome-python2-extras-2.19.1-25.fc9 (Mar 28)
  ------------------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148443

* Fedora 9 Update: galeon-2.0.7-8.fc9 (Mar 28)
  --------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox.

  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  This update also provides depending packages rebuilt against new
  Firefox version.

  Miro updates to upstream 2.0.3. Provides new features and fixes
  various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148444

* Fedora 10 Update: gecko-sharp2-0.13-6.fc10 (Mar 28)
  ---------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148425

* Fedora 10 Update: gnome-python2-extras-2.19.1-28.fc10 (Mar 28)
  --------------------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148426

* Fedora 10 Update: gnome-web-photo-0.3-16.fc10 (Mar 28)
  ------------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148427

* Fedora 10 Update: google-gadgets-0.10.5-4.fc10 (Mar 28)
  -------------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148428

* Fedora 10 Update: kazehakase-0.5.6-1.fc10.5 (Mar 28)
  ----------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148429

* Fedora 10 Update: Miro-2.0.3-2.fc10 (Mar 28)
  --------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148430

* Fedora 10 Update: firefox-3.0.8-1.fc10 (Mar 28)
  -----------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148417

* Fedora 10 Update: xulrunner-1.9.0.8-1.fc10 (Mar 28)
  ---------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169)

  A flaw was discovered in the way Firefox handles certain XUL garbage
  collection events. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148418

* Fedora 10 Update: galeon-2.0.7-8.fc10 (Mar 28)
  ----------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169) A flaw was discovered in
  the way Firefox handles certain XUL garbage collection events. A
  remote attacker could use this flaw to crash Firefox or, potentially,
  execute arbitrary code as the user running Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148419

* Fedora 10 Update: devhelp-0.22-6.fc10 (Mar 28)
  ----------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169) A flaw was discovered in
  the way Firefox handles certain XUL garbage collection events. A
  remote attacker could use this flaw to crash Firefox or, potentially,
  execute arbitrary code as the user running Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148420

* Fedora 10 Update: epiphany-2.24.3-4.fc10 (Mar 28)
  -------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169) A flaw was discovered in
  the way Firefox handles certain XUL garbage collection events. A
  remote attacker could use this flaw to crash Firefox or, potentially,
  execute arbitrary code as the user running Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148421

* Fedora 10 Update: epiphany-extensions-2.24.0-6.fc10 (Mar 28)
  ------------------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169) A flaw was discovered in
  the way Firefox handles certain XUL garbage collection events. A
  remote attacker could use this flaw to crash Firefox or, potentially,
  execute arbitrary code as the user running Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148422

* Fedora 10 Update: blam-1.8.5-8.fc10 (Mar 28)
  --------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169) A flaw was discovered in
  the way Firefox handles certain XUL garbage collection events. A
  remote attacker could use this flaw to crash Firefox or, potentially,
  execute arbitrary code as the user running Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148423

* Fedora 10 Update: evolution-rss-0.1.2-6.fc10 (Mar 28)
  -----------------------------------------------------
  A memory corruption flaw was discovered in the way Firefox handles
  XML files containing an XSLT transform. A remote attacker could use
  this flaw to crash Firefox or, potentially, execute arbitrary code as
  the user running Firefox. (CVE-2009-1169) A flaw was discovered in
  the way Firefox handles certain XUL garbage collection events. A
  remote attacker could use this flaw to crash Firefox or, potentially,
  execute arbitrary code as the user running Firefox. (CVE-2009-1044)

  http://www.linuxsecurity.com/content/view/148424

* Fedora 9 Update: Miro-2.0.3-2.fc9 (Mar 27)
  ------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148411

* Fedora 9 Update: mugshot-1.2.2-7.fc9 (Mar 27)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148412

* Fedora 9 Update: yelp-2.22.1-10.fc9 (Mar 27)
  --------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148413

* Fedora 9 Update: totem-2.23.2-13.fc9 (Mar 27)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148414

* Fedora 9 Update: xulrunner-1.9.0.8-1.fc9 (Mar 27)
  -------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148398

* Fedora 9 Update: epiphany-extensions-2.22.1-9.fc9 (Mar 27)
  ----------------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148399

* Fedora 9 Update: epiphany-2.22.2-9.fc9 (Mar 27)
  -----------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148400

* Fedora 9 Update: blam-1.8.5-7.fc9.1 (Mar 27)
  --------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148401

* Fedora 9 Update: chmsee-1.0.1-10.fc9 (Mar 27)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148402

* Fedora 9 Update: devhelp-0.19.1-10.fc9 (Mar 27)
  -----------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148403

* Fedora 9 Update: galeon-2.0.7-8.fc9 (Mar 27)
  --------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148404

* Fedora 9 Update: gnome-python2-extras-2.19.1-25.fc9 (Mar 27)
  ------------------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148405

* Fedora 9 Update: gnome-web-photo-0.3-19.fc9 (Mar 27)
  ----------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148406

* Fedora 9 Update: google-gadgets-0.10.5-4.fc9 (Mar 27)
  -----------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148407

* Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9 (Mar 27)
  ----------------------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148408

* Fedora 9 Update: mozvoikko-0.9.5-8.fc9 (Mar 27)
  -----------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148409

* Fedora 9 Update: kazehakase-0.5.6-1.fc9.5 (Mar 27)
  --------------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148410

* Fedora 9 Update: firefox-3.0.8-1.fc9 (Mar 27)
  ---------------------------------------------
  Mozilla Firefox is an open source Web browser. XULRunner provides the
  XUL Runtime environment for Mozilla Firefox. A memory corruption
  flaw was discovered in the way Firefox handles XML files containing
  an XSLT transform. A remote attacker could use this flaw to crash
  Firefox or, potentially, execute arbitrary code as the user running
  Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
  handles certain XUL garbage collection events. A remote attacker
  could use this flaw to crash Firefox or, potentially, execute
  arbitrary code as the user running Firefox. (CVE-2009-1044) This
  update also provides depending packages rebuilt against new Firefox
  version. Miro updates to upstream 2.0.3. Provides new features
  and fixes various bugs in 1.2.x series.

  http://www.linuxsecurity.com/content/view/148397

* Fedora 10 Update: netatalk-2.0.3-23.fc10 (Mar 26)
  -------------------------------------------------
  Bug fixes backported from upstream.

  http://www.linuxsecurity.com/content/view/148382

* Fedora 9 Update: netatalk-2.0.3-21.fc9 (Mar 26)
  -----------------------------------------------
  Bug fixes backported from upstream.

  http://www.linuxsecurity.com/content/view/148381

* Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-13.b14.fc10 (Mar 26)
  -----------------------------------------------------------------
  Updated lcms to 1.18 in openjdk. This fixes many security issues.

  http://www.linuxsecurity.com/content/view/148380

------------------------------------------------------------------------

* Gentoo: gedit Untrusted search path (Mar 30)
  --------------------------------------------
  A vulnerability in gedit might allow local attackers to execute
  arbitrary code.

  http://www.linuxsecurity.com/content/view/148462

* Gentoo: Analog Denial of Service (Mar 29)
  -----------------------------------------
  A Denial of Service vulnerability was discovered in Analog.

  http://www.linuxsecurity.com/content/view/148455

------------------------------------------------------------------------

* Mandriva: [ MDVSA-2009:084 ] firefox (Apr 1)
  --------------------------------------------
  Security vulnerabilities have been discovered in previous versions,
  and corrected in the latest Mozilla Firefox 3.x, version 3.0.8
  (CVE-2009-1044, CVE-2009-1169). This update provides the latest
  Mozilla Firefox 3.x to correct these issues. Additionally, some
  packages requiring it have also been rebuilt and are being provided
  as updates.

  http://www.linuxsecurity.com/content/view/148478

* Mandriva: [ MDVSA-2009:083 ] mozilla-thunderbird (Apr 1)
  --------------------------------------------------------
  A number of security vulnerabilities have been discovered in previous
  versions, and corrected in the latest Mozilla Thunderbird program,
  version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771,
  CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352,
  CVE-2009-0353). This update provides the latest Thunderbird to
  correct these issues. Additionally, Mozilla Thunderbird released with
  Mandriva Linux 2009.0, when used with Enigmail extension on x86_64
  architecture, would freeze whenever any Enigmail function was used
  (bug #45001). Also, when used on i586 architecture, Thunderbird would
  crash when sending an email, if a file with an unknown extension was
  attached to it. (bug #46107) This update also fixes those issues.

  http://www.linuxsecurity.com/content/view/148476

* Mandriva: [ MDVSA-2009:082 ] krb5 (Mar 30)
  ------------------------------------------
  The spnego_gss_accept_sec_context function in
  lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3,
  when SPNEGO is used, allows remote attackers to cause a denial of
  service (NULL pointer dereference and application crash) via invalid
  ContextFlags data in the reqFlags field in a negTokenInit token
  (CVE-2009-0845). This update provides the fix for that security
  issue.

  http://www.linuxsecurity.com/content/view/148458

* Mandriva: [ MDVSA-2009:081 ] libsoup (Mar 27)
  ---------------------------------------------
  An integer overflow in libsoup Base64 encoding and decoding functions
  enables attackers either to cause denial of service or to execute
  arbitrary code (CVE-2009-0585). This update provides the fix for that
  security issue.

  http://www.linuxsecurity.com/content/view/148394

* Mandriva: [ MDVSA-2009:080 ] glib2.0 (Mar 26)
  ---------------------------------------------
  Multiple integer overflows in GLib's Base64 encoding and decoding
  functions enable attackers (possibly remote ones, depending on the
  applications glib2 is linked against - mostly GNOME ones) either
  to cause denial of service or to execute arbitrary code via an
  untrusted input (CVE-2008-4316).

  http://www.linuxsecurity.com/content/view/148389

------------------------------------------------------------------------

* RedHat: Important: kernel security and bug fix update (Apr 1)
  -------------------------------------------------------------
  Updated kernel packages that fix several security issues and several
  bugs are now available for Red Hat Enterprise Linux 5. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/148475

* RedHat: Important: openswan security update (Mar 30)
  ----------------------------------------------------
  Updated openswan packages that fix various security issues are now
  available for Red Hat Enterprise Linux 5. This update has been rated
  as having important security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/148459

* RedHat: Critical: firefox security update (Mar 27)
  --------------------------------------------------
  Updated firefox packages that fix two security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/148395

* RedHat: Critical: seamonkey security update (Mar 27)
  ----------------------------------------------------
  Updated seamonkey packages that fix two security issues are now
  available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
  been rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/148396

* RedHat: Important: kernel-rt security and bug fix update (Mar 27)
  -----------------------------------------------------------------
  Updated kernel-rt packages that fix several security issues and
  several bugs are now available for Red Hat Enterprise MRG 1.1. This
  update has been rated as having important security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/148390

* RedHat: Critical: java-1.6.0-sun security update (Mar 26)
  ---------------------------------------------------------
  Updated java-1.6.0-sun packages that correct several security issues
  are now available for Red Hat Enterprise Linux 4 Extras and 5
  Supplementary. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/148385

* RedHat: Critical: java-1.5.0-sun security update (Mar 26)
  ---------------------------------------------------------
  Updated java-1.5.0-sun packages that correct several security issues
  are now available for Red Hat Enterprise Linux 4 Extras and 5
  Supplementary. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/148386

* RedHat: Moderate: net-snmp security update (Mar 26)
  ---------------------------------------------------
  Updated net-snmp packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/148383

* RedHat: Moderate: systemtap security update (Mar 26)
  ----------------------------------------------------
  Updated systemtap packages that fix a security issue are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/148384

------------------------------------------------------------------------

* Slackware: mozilla-firefox (Mar 28)
  -----------------------------------
  New mozilla-firefox packages are available for Slackware 12.2, and
  -current to fix security issues. The new packages may also be used
  with earlier versions of Slackware.

  http://www.linuxsecurity.com/content/view/148416

* Slackware: glib2 (Mar 28)
  -------------------------
  New glib2 packages are available for Slackware 12.0, 12.1, 12.2, and
  -current to fix overflows that may be security issues.

  http://www.linuxsecurity.com/content/view/148415

------------------------------------------------------------------------

* SuSE: acroread (SUSE-SA:2009:014) (Mar 27)
  ------------------------------------------
  Multiple flaws in the JBIG2 decoder and the JavaScript engine of the
  Adobe Reader allowed attackers to crash acroread or even execute
  arbitrary code by tricking users into opening specially crafted PDF
  files.

  http://www.linuxsecurity.com/content/view/148393

------------------------------------------------------------------------

* Ubuntu: libsndfile vulnerability (Mar 30)
  -----------------------------------------
  It was discovered that libsndfile did not correctly handle
  description chunks in CAF audio files. If a user or automated system
  were tricked into opening a specially crafted CAF audio file, an
  attacker could execute arbitrary code with the privileges of the user
  invoking the program.

  http://www.linuxsecurity.com/content/view/148461

* Ubuntu: ICU vulnerability (Mar 26)
  ----------------------------------
  It was discovered that libicu did not correctly handle certain
  invalid encoded data. If a user or automated system were tricked into
  processing specially crafted data with applications linked against
  libicu, certain content filters could be bypassed.

  http://www.linuxsecurity.com/content/view/148387

* Ubuntu: xine-lib vulnerability (Mar 26)
  ---------------------------------------
  It was discovered that the 4xm demuxer in xine-lib did not correctly
  handle a large current_track value in a 4xm file, resulting in an
  integer overflow. If a user or automated system were tricked into
  opening a specially crafted 4xm movie file, an attacker could crash
  xine-lib or possibly execute arbitrary code with the privileges of
  the user invoking the program. (CVE-2009-0698)

  http://www.linuxsecurity.com/content/view/148388

------------------------------------------------------------------------

* Pardus: Virtualbox: Privilege escalation (Apr 1)
  ------------------------------------------------
  A vulnerability has been reported in Sun xVM VirtualBox, which can
  be exploited by malicious, local users to gain escalated privileges.

  http://www.linuxsecurity.com/content/view/148474

* Pardus: Firefox: Multiple Denial of Service (Apr 1)
  ---------------------------------------------------
  Mozilla Firefox is prone to two remote code-execution
  vulnerabilities. Attackers can exploit this issue to execute
  arbitrary code in the context of the user running the browser.
  Successful exploits will compromise the application and possibly
  the computer.

  http://www.linuxsecurity.com/content/view/148473

* Pardus: Sun-Java: Multiple Vulnerabilities (Apr 1)
  --------------------------------------------------
  Some vulnerabilities have been reported in Sun Java, which can
  be exploited by malicious people to bypass certain security
  restrictions, cause a DoS (Denial of Service), or potentially
  compromise a user's system.

  http://www.linuxsecurity.com/content/view/148472

* Pardus: Ghostscript: Multiple Integer (Apr 1)
  ---------------------------------------------
  The Ghostscript International Color Consortium Format
  Library (icclib), implementing support for the cross-platform
  device-independent color profile format, is prone to multiple
  integer overflows and lacks multiple upper-bounds checks on certain
  variable sizes.

  http://www.linuxsecurity.com/content/view/148470

* Pardus: Gst-plugins-base: Integer Overflow (Apr 1)
  --------------------------------------------------
  A vulnerability has been reported in GStreamer, which can potentially
  be exploited by malicious people to compromise an application using
  the library.

  http://www.linuxsecurity.com/content/view/148471

* Pardus: Lcms: Multiple Vulnerabilities (Apr 1)
  ----------------------------------------------
  LittleCMS, an open source color management engine, suffers from
  several integer overflows resulting in stack-based buffer
  overflows, various heap errors and memory leaks.

  http://www.linuxsecurity.com/content/view/148469

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request_at_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


Received on Fri Apr 03 2009 - 05:18:18 PDT

This archive was generated by hypermail 2.2.0 : Fri Apr 03 2009 - 05:35:06 PDT